Alfred a écrit : > And ? It's a temporary solution that allow user to use an ssh client > and/or server, which is very usefull. You just have to add a debconf > warning saying that the entropy source is unsafe, and asking the user > to pay attention. We don't need more for now, since anyway no Hurd box > will be used in a critical environement in a near future.
> It is a temporary solution, but it is also the wrong solution. It is > just as unsafe as copying libc.so to /dev/urandom. A false sense of > security is worse than no security. If a user needs urandom that > badly, they can install it on their own. This prevents ssh & such to work with a simple apt-get, and that's wrong. If we cannot have strong security, than we tell it, but we do not suppress mostly-working programs just because of that. Anyway, a bad entropy generator isn't the main concern before using a GNU/Hurd box for something "real". -- Gael Le Mignot "Kilobug" - [EMAIL PROTECTED] - http://kilobug.free.fr GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959 Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org